/**
* Multiplies a {@link NBitcoin.BouncyCastle.math.ec.F2mPoint F2mPoint}
* by an element <code>λ</code> of <code><b>Z</b>[τ]</code> using
* the <code>τ</code>-adic NAF (TNAF) method.
* @param p The F2mPoint to multiply.
* @param lambda The element <code>λ</code> of
* <code><b>Z</b>[τ]</code> of which to compute the
* <code>[τ]</code>-adic NAF.
* @return <code>p</code> multiplied by <code>λ</code>.
*/
private F2mPoint MultiplyWTnaf(F2mPoint p, ZTauElement lambda,
PreCompInfo preCompInfo, sbyte a, sbyte mu)
{
ZTauElement[] alpha = (a == 0) ? Tnaf.Alpha0 : Tnaf.Alpha1;
BigInteger tw = Tnaf.GetTw(mu, Tnaf.Width);
sbyte[]u = Tnaf.TauAdicWNaf(mu, lambda, Tnaf.Width,
BigInteger.ValueOf(Tnaf.Pow2Width), tw, alpha);
return MultiplyFromWTnaf(p, u, preCompInfo);
}
/**
* Multiplies a {@link NBitcoin.BouncyCastle.math.ec.F2mPoint F2mPoint}
* by an element <code>λ</code> of <code><b>Z</b>[τ]</code>
* using the window <code>τ</code>-adic NAF (TNAF) method, given the
* WTNAF of <code>λ</code>.
* @param p The F2mPoint to multiply.
* @param u The the WTNAF of <code>λ</code>..
* @return <code>λ * p</code>
*/
private static F2mPoint MultiplyFromWTnaf(F2mPoint p, sbyte[] u, PreCompInfo preCompInfo)
{
F2mCurve curve = (F2mCurve)p.Curve;
sbyte a = (sbyte)curve.A.ToBigInteger().IntValue;
F2mPoint[] pu;
if ((preCompInfo == null) || !(preCompInfo is WTauNafPreCompInfo))
{
pu = Tnaf.GetPreComp(p, a);
WTauNafPreCompInfo pre = new WTauNafPreCompInfo();
pre.PreComp = pu;
curve.SetPreCompInfo(p, PRECOMP_NAME, pre);
}
else
{
pu = ((WTauNafPreCompInfo)preCompInfo).PreComp;
}
// q = infinity
F2mPoint q = (F2mPoint)curve.Infinity;
for (int i = u.Length - 1; i >= 0; i--)
{
q = Tnaf.Tau(q);
sbyte ui = u[i];
if (ui != 0)
{
if (ui > 0)
{
q = q.AddSimple(pu[ui]);
}
else
{
// u[i] < 0
q = q.SubtractSimple(pu[-ui]);
}
}
}
return q;
}
/**
* Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
* by an element <code>λ</code> of <code><b>Z</b>[τ]</code> using
* the <code>τ</code>-adic NAF (TNAF) method.
* @param p The F2mPoint to multiply.
* @param lambda The element <code>λ</code> of
* <code><b>Z</b>[τ]</code> of which to compute the
* <code>[τ]</code>-adic NAF.
* @return <code>p</code> multiplied by <code>λ</code>.
*/
private F2mPoint MultiplyWTnaf(F2mPoint p, ZTauElement lambda,
PreCompInfo preCompInfo, sbyte a, sbyte mu)
{
ZTauElement[] alpha;
if (a == 0)
{
alpha = Tnaf.Alpha0;
}
else
{
// a == 1
alpha = Tnaf.Alpha1;
}
BigInteger tw = Tnaf.GetTw(mu, Tnaf.Width);
sbyte[] u = Tnaf.TauAdicWNaf(mu, lambda, Tnaf.Width,
BigInteger.ValueOf(Tnaf.Pow2Width), tw, alpha);
return(MultiplyFromWTnaf(p, u, preCompInfo));
}
/**
* Multiplies a {@link Al.Security.math.ec.F2mPoint F2mPoint}
* by an element <code>λ</code> of <code><b>Z</b>[τ]</code>
* using the window <code>τ</code>-adic NAF (TNAF) method, given the
* WTNAF of <code>λ</code>.
* @param p The F2mPoint to multiply.
* @param u The the WTNAF of <code>λ</code>..
* @return <code>λ * p</code>
*/
private static F2mPoint MultiplyFromWTnaf(F2mPoint p, sbyte[] u,
PreCompInfo preCompInfo)
{
F2mCurve curve = (F2mCurve)p.Curve;
sbyte a = (sbyte)curve.A.ToBigInteger().IntValue;
F2mPoint[] pu;
if ((preCompInfo == null) || !(preCompInfo is WTauNafPreCompInfo))
{
pu = Tnaf.GetPreComp(p, a);
p.SetPreCompInfo(new WTauNafPreCompInfo(pu));
}
else
{
pu = ((WTauNafPreCompInfo)preCompInfo).GetPreComp();
}
// q = infinity
F2mPoint q = (F2mPoint)p.Curve.Infinity;
for (int i = u.Length - 1; i >= 0; i--)
{
q = Tnaf.Tau(q);
if (u[i] != 0)
{
if (u[i] > 0)
{
q = q.AddSimple(pu[u[i]]);
}
else
{
// u[i] < 0
q = q.SubtractSimple(pu[-u[i]]);
}
}
}
return(q);
}
public F2mCurve(int m, int k1, int k2, int k3, BigInteger a, BigInteger b, BigInteger order, BigInteger cofactor)
: base(m, k1, k2, k3)
{
this.m = m;
this.k1 = k1;
this.k2 = k2;
this.k3 = k3;
m_order = order;
m_cofactor = cofactor;
m_infinity = new F2mPoint(this, null, null);
if (k1 == 0)
{
throw new ArgumentException("k1 must be > 0");
}
if (k2 == 0)
{
if (k3 != 0)
{
throw new ArgumentException("k3 must be 0 if k2 == 0");
}
}
else
{
if (k2 <= k1)
{
throw new ArgumentException("k2 must be > k1");
}
if (k3 <= k2)
{
throw new ArgumentException("k3 must be > k2");
}
}
m_a = FromBigInteger(a);
m_b = FromBigInteger(b);
m_coord = 6;
}
// 6.8. Вычисление случайной точки эллиптической кривой
static F2mPoint computeRandomPoint(F2mCurve curve)
{
// 1. Вычислим случайный элемент основного поля
BigInteger u = RNG.GetRandomInteger(curve.M);
var u__element = new F2mFieldElement(curve.M, curve.K1, curve.K2, curve.K3, u);
var a__element = new F2mFieldElement(curve.M, curve.K1, curve.K2, curve.K3, curve.A.ToBigInteger());
var b__element = new F2mFieldElement(curve.M, curve.K1, curve.K2, curve.K3, curve.B.ToBigInteger());
var au__element = u__element.Multiply(u__element).Multiply(a__element);
// 2. Вычисляем элемент основного поля w = u ^ 3 + A u ^ 2 + B
var w__element = u__element.Multiply(u__element).Multiply(u__element).Add(au__element).Add(b__element);
// 3. Решаем квадратное уравнение z^2 + uz = w
var z__element = quadraticEquation(curve, u__element.ToBigInteger(), w__element.ToBigInteger());
// 5. Принимают x = u, y = z
var point = new F2mPoint(curve, u__element, z__element);
return(point);
}
/**
* Constructor for <code>WTauNafPreCompInfo</code>
* @param preComp Array holding the precomputed <code>F2mPoint</code>s
* used for the WTNAF multiplication in <code>
* {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
* WTauNafMultiplier.multiply()}</code>.
*/
internal WTauNafPreCompInfo(F2mPoint[] preComp)
{
this.preComp = preComp;
}
/**
* Does the precomputation for WTNAF multiplication.
* @param p The <code>ECPoint</code> for which to do the precomputation.
* @param a The parameter <code>a</code> of the elliptic curve.
* @return The precomputation array for <code>p</code>.
*/
public static F2mPoint[] GetPreComp(F2mPoint p, sbyte a)
{
F2mPoint[] pu;
pu = new F2mPoint[16];
pu[1] = p;
sbyte[][] alphaTnaf;
if (a == 0)
{
alphaTnaf = Tnaf.Alpha0Tnaf;
}
else
{
// a == 1
alphaTnaf = Tnaf.Alpha1Tnaf;
}
int precompLen = alphaTnaf.Length;
for (int i = 3; i < precompLen; i = i + 2)
{
pu[i] = Tnaf.MultiplyFromTnaf(p, alphaTnaf[i]);
}
return pu;
}
/**
* Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
* by an element <code>λ</code> of <code><b>Z</b>[τ]</code>
* using the <code>τ</code>-adic NAF (TNAF) method, given the TNAF
* of <code>λ</code>.
* @param p The F2mPoint to Multiply.
* @param u The the TNAF of <code>λ</code>..
* @return <code>λ * p</code>
*/
public static F2mPoint MultiplyFromTnaf(F2mPoint p, sbyte[] u)
{
F2mCurve curve = (F2mCurve)p.Curve;
F2mPoint q = (F2mPoint) curve.Infinity;
for (int i = u.Length - 1; i >= 0; i--)
{
q = Tau(q);
if (u[i] == 1)
{
q = (F2mPoint)q.AddSimple(p);
}
else if (u[i] == -1)
{
q = (F2mPoint)q.SubtractSimple(p);
}
}
return q;
}
/**
* Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
* by an element <code>λ</code> of <code><b>Z</b>[τ]</code>
* using the <code>τ</code>-adic NAF (TNAF) method.
* @param p The F2mPoint to Multiply.
* @param lambda The element <code>λ</code> of
* <code><b>Z</b>[τ]</code>.
* @return <code>λ * p</code>
*/
public static F2mPoint MultiplyTnaf(F2mPoint p, ZTauElement lambda)
{
F2mCurve curve = (F2mCurve)p.Curve;
sbyte mu = curve.GetMu();
sbyte[] u = TauAdicNaf(mu, lambda);
F2mPoint q = MultiplyFromTnaf(p, u);
return q;
}
/**
* Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
* by a <code>BigInteger</code> using the reduced <code>τ</code>-adic
* NAF (RTNAF) method.
* @param p The F2mPoint to Multiply.
* @param k The <code>BigInteger</code> by which to Multiply <code>p</code>.
* @return <code>k * p</code>
*/
public static F2mPoint MultiplyRTnaf(F2mPoint p, BigInteger k)
{
F2mCurve curve = (F2mCurve) p.Curve;
int m = curve.M;
sbyte a = (sbyte) curve.A.ToBigInteger().IntValue;
sbyte mu = curve.GetMu();
BigInteger[] s = curve.GetSi();
ZTauElement rho = PartModReduction(k, m, a, s, mu, (sbyte)10);
return MultiplyTnaf(p, rho);
}
/**
* Applies the operation <code>τ()</code> to an
* <code>F2mPoint</code>.
* @param p The F2mPoint to which <code>τ()</code> is applied.
* @return <code>τ(p)</code>
*/
public static F2mPoint Tau(F2mPoint p)
{
if (p.IsInfinity)
return p;
ECFieldElement x = p.X;
ECFieldElement y = p.Y;
return new F2mPoint(p.Curve, x.Square(), y.Square(), p.IsCompressed);
}
public static AsymmetricKeyParameter CreateKey(
SubjectPublicKeyInfo keyInfo)
{
AlgorithmIdentifier algID = keyInfo.AlgorithmID;
if (algID.ObjectID.Equals(PkcsObjectIdentifiers.RsaEncryption) ||
algID.ObjectID.Equals(X509ObjectIdentifiers.IdEARsa))
{
RsaPublicKeyStructure pubKey = RsaPublicKeyStructure.GetInstance(keyInfo.GetPublicKey());
return(new RsaKeyParameters(false, pubKey.Modulus, pubKey.PublicExponent));
}
else if (algID.ObjectID.Equals(PkcsObjectIdentifiers.DhKeyAgreement) ||
algID.ObjectID.Equals(X9ObjectIdentifiers.DHPublicNumber))
{
DHParameter para = new DHParameter((Asn1Sequence)keyInfo.AlgorithmID.Parameters);
DerInteger derY = (DerInteger)keyInfo.GetPublicKey();
return(new DHPublicKeyParameters(derY.Value, new DHParameters(para.P, para.G)));
}
else if (algID.ObjectID.Equals(OiwObjectIdentifiers.ElGamalAlgorithm))
{
ElGamalParameter para = new ElGamalParameter((Asn1Sequence)keyInfo.AlgorithmID.Parameters);
DerInteger derY = (DerInteger)keyInfo.GetPublicKey();
return(new ElGamalPublicKeyParameters(derY.Value, new ElGamalParameters(para.P, para.G)));
}
else if (algID.ObjectID.Equals(X9ObjectIdentifiers.IdDsa) ||
algID.ObjectID.Equals(OiwObjectIdentifiers.DsaWithSha1))
{
DsaParameter para = DsaParameter.GetInstance(keyInfo.AlgorithmID.Parameters);
DerInteger derY = (DerInteger)keyInfo.GetPublicKey();
return(new DsaPublicKeyParameters(derY.Value, new DsaParameters(para.P, para.Q, para.G)));
}
else if (algID.ObjectID.Equals(X9ObjectIdentifiers.IdECPublicKey))
{
X962Parameters para = new X962Parameters((Asn1Object)keyInfo.AlgorithmID.Parameters);
ECDomainParameters dParams = null;
if (para.IsNamedCurve)
{
DerObjectIdentifier oid = (DerObjectIdentifier)para.Parameters;
X9ECParameters ecP = X962NamedCurves.GetByOid(oid);
if (ecP == null)
{
ecP = SecNamedCurves.GetByOid(oid);
if (ecP == null)
{
ecP = NistNamedCurves.GetByOid(oid);
}
}
dParams = new ECDomainParameters(
ecP.Curve,
ecP.G,
ecP.N,
ecP.H,
ecP.GetSeed());
}
else
{
X9ECParameters ecP = new X9ECParameters((Asn1Sequence)para.Parameters.ToAsn1Object());
dParams = new ECDomainParameters(
ecP.Curve,
ecP.G,
ecP.N,
ecP.H,
ecP.GetSeed());
}
DerBitString bits = keyInfo.PublicKeyData;
byte[] data = bits.GetBytes();
Asn1OctetString key = new DerOctetString(data);
X9ECPoint derQ = new X9ECPoint(dParams.Curve, key);
return(new ECPublicKeyParameters(derQ.Point, dParams));
}
else if (algID.ObjectID.Equals(CryptoProObjectIdentifiers.GostR3410x2001))
{
Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters(
(Asn1Sequence)algID.Parameters);
Asn1OctetString key;
try
{
key = (Asn1OctetString)keyInfo.GetPublicKey();
}
catch (IOException)
{
throw new ArgumentException("invalid info structure in GOST3410 public key");
}
byte[] keyEnc = key.GetOctets();
byte[] x = new byte[32];
byte[] y = new byte[32];
for (int i = 0; i != y.Length; i++)
{
x[i] = keyEnc[32 - 1 - i];
}
for (int i = 0; i != x.Length; i++)
{
y[i] = keyEnc[64 - 1 - i];
}
ECDomainParameters ecP = ECGost3410NamedCurves.GetByOid(gostParams.PublicKeyParamSet);
if (ecP == null)
{
return(null);
}
ECCurve curve = ecP.Curve;
ECPoint q;
if (curve is FpCurve)
{
FpCurve curveFp = (FpCurve)curve;
q = new FpPoint(
curveFp,
new FpFieldElement(curveFp.Q, new BigInteger(1, x)),
new FpFieldElement(curveFp.Q, new BigInteger(1, y)));
}
else
{
F2mCurve curveF2m = (F2mCurve)curve;
q = new F2mPoint(
curveF2m,
new F2mFieldElement(curveF2m.M, curveF2m.K1, curveF2m.K2, curveF2m.K3, new BigInteger(1, x)),
new F2mFieldElement(curveF2m.M, curveF2m.K1, curveF2m.K2, curveF2m.K3, new BigInteger(1, y)),
false);
}
return(new ECPublicKeyParameters(q, gostParams.PublicKeyParamSet));
}
else if (algID.ObjectID.Equals(CryptoProObjectIdentifiers.GostR3410x94))
{
Gost3410PublicKeyAlgParameters algParams = new Gost3410PublicKeyAlgParameters(
(Asn1Sequence)algID.Parameters);
DerOctetString derY;
try
{
derY = (DerOctetString)keyInfo.GetPublicKey();
}
catch (IOException)
{
throw new ArgumentException("invalid info structure in GOST3410 public key");
}
byte[] keyEnc = derY.GetOctets();
byte[] keyBytes = new byte[keyEnc.Length];
for (int i = 0; i != keyEnc.Length; i++)
{
keyBytes[i] = keyEnc[keyEnc.Length - 1 - i]; // was little endian
}
BigInteger y = new BigInteger(1, keyBytes);
return(new Gost3410PublicKeyParameters(y, algParams.PublicKeyParamSet));
}
else
{
throw new SecurityUtilityException("algorithm identifier in key not recognised: " + algID.ObjectID);
}
}
/**
* Applies the operation <code>τ()</code> to an
* <code>F2mPoint</code>.
* @param p The F2mPoint to which <code>τ()</code> is applied.
* @return <code>τ(p)</code>
*/
public static F2mPoint Tau(F2mPoint p)
{
return(p.Tau());
}
/**
* Applies the operation <code>τ()</code> to an
* <code>F2mPoint</code>.
* @param p The F2mPoint to which <code>τ()</code> is applied.
* @return <code>τ(p)</code>
*/
public static F2mPoint Tau(F2mPoint p)
{
return p.Tau();
}
public Key(F2mCurve curve, F2mPoint basePoint, F2mPoint publicKey)
{
PublicKey = publicKey;
BasePoint = basePoint;
Curve = curve;
}
